On Thu, Jan 31, 2019 at 11:05 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > And part of "best effort" is very much "not a security information leak". Side note: it's entirely possible that the preadv2(RWF_NOWAIT) interface is actually already effectively too slow to be effectively used as much of an attack vector. One of the advantages of mincore() for the attack was that you could just get a lot of page status information in one go. With RWF_NOWAIT, you only really get "up to the first non-cached page", so it's already a weaker signal than mincore() gave. System calls aren't horrendously slow (at least not with fixed non-meltdown CPU's), but it might still be a somewhat noticeable inconvenience in an attack that is already probably not all that easy to do on an arbitrary target. So it might not be a huge deal. But I think we should at least try to make things less useful for these kinds of attack vectors. And no, that doesn't mean "stop all theoretical attacks". It means "let's try to make things less convenient as a data leak". That's why things like "oh, you can still see the signal if you can keep the backing device congested" is not something I'd worry about. It's just another (big) inconvenience, and not all that simple to do. At some point, it's simply not worth it as an attack vector any more. Linus